Vulmon Recent Vulnerabilities Trends About Contact

Recent vulnerabilities and exploits

3.3
CVSSv2
CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to...
LinuxLinux Kernel
NA
CVE-2019-15709
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI....
NA
CVE-2020-13757
Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application...
NA
CVE-2020-9291
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack....
NA
CVE-2020-13758
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload....
NA
CVE-2020-13695
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file....
7.5
CVSSv2
CVE-2019-8641
An out-of-bounds read was addressed with improved input validation....
AppleIphone OsMac Os XTvosWatchos
NA
CVE-2020-9859
Apple macOS Catalina could allow a local attacker to gain elevated privileges on the system, caused by memory consumption in the Kernel component. By using a specially-crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel...
NA
CVE-2020-8555
CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager...
NA
CVE-2020-10749
Kubernetes: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-10149HTML injectioncross-site request forgeryinformation disclosureCVE-2019-5412CVE-2019-5336CVE-2020-6937CVE-2020-11651device library wizardabbCVE-2014-8940